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DETAILED ACTION 

Response to Arguments 

1 . Applicant's arguments filed November 18, 2009 have been fully considered but 
they are not persuasive. Applicant argues that Coss fails to teach or suggest saving 
data for use in determining a result of a second rule executed. While Coss does state 
that the rule processing is bypassed (column 5, lines 42-45), the applicant is 
misinterpreting the use of the word bypass. Coss specifically states that after caching 
results for a specific packet of a given network session so that when subsequent 
packets from the same network session arrive at the firewall the results from the 
previous packet are used (column 5, lines 45-50). When a packet is received the cache 
is searched based on the session key which is used to determine what action is to be 
taken (column 6, lines 38-43, Figure 5a, step 504). The session key is equivalent to the 
rule since it contains the same information (Figure 3, Figure 4). Therefore the rule is 
executed. In addition, it could be interpreted that the cache is an extension of the rules 
since it is checked first and has its own condition (the session key) and then an action. 

2. Applicant goes on to argue that Coss teaches away from applicant's claimed 
invention. As explained above Coss teaches what is claimed by applicant. 

3. Applicant's arguments, see Remarks, filed November 18, 2009, with respect to 
101 have been fully considered and are persuasive. The rejection of claims 9-13 and 
15 - 17 has been withdrawn. 
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4. Applicant's arguments, see Remarks, filed November 18, 2009, with respect to 
claim objections have been fully considered and are persuasive. The objection of claim 
7 has been withdrawn. 

Claim Rejections - 35 USC §112 

The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of making 
and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it 
pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode 
contemplated by the inventor of carrying out his invention. 

5. Claims 1 - 5, 7 - 13, 15 - 22, 24 and 25 are rejected under 35 U.S.C. 112, first 
paragraph, as failing to comply with the written description requirement. The claim(s) 
contains subject matter which was not described in the specification in such a way as to 
reasonably convey to one skilled in the relevant art that the inventor(s), at the time the 
application was filed, had possession of the claimed invention. It is unclear where in the 
specification executing a second rule wherein the second rule uses the saved results to 
determine a result for the second rule. The specification only seems to teach executing 
the rule, and then executing the action. There is no reference to how the saved results 
are used later. 

Claim Rejections - 35 USC § 103 

1 . The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 
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2. Claims 1 - 5, 7 - 13, 15 - 22, 24 and 25 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Coss in view of Moir's US Publication 2002/0120720 A1 in 
view of Venkatachary, and further in view of Katz. 

3. Referring to claims 1 , 9, and 18, Coss discloses: 

a. Receiving state rules (column 4, lines 4-6). 

b. Forming a set of rules including at least one condition and one action 
(column 4, lines 30-34), the at least one action comprises instantiation of a rule 
for the network flow from the set of rules (column 4, line 48) and further wherein 
the at least one action comprises saving the result of the at least one action for 
use in a later executed rule (column 5, lines 40-42). 

c. Storing a set of rules in tabular form (column 4, lines 5-6). 

d. Receiving a network flow including a plurality of packets (column 6, lines 
29-30, Figure 5, element 501). 

e. Applying the state rules to the plurality of packets in the network flow 
(column 6, lines 18-21). 

f. Saving a result from at least a first rule of the parsed protocol state rules 
to create a saved result (column 5, lines 40-42). 

g. Executing a second rule of the parsed protocol state rules, wherein the 
second rules uses the saved results to determine a result for the second rule 
(column 6, lines 38-43). 

4. Coss does not explicitly disclose expressing rules in a text format and converting 
them into a binary format. However, Moir discloses receiving the rule file in text format 
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and converting it into a binary format (page 6, paragraph 72). Coss and Moir are 
analogous art because they are from the same field of endeavor, rules. At the time of 
the invention, it would have been obvious to one of ordinary skill in the art, having the 
teachings of Coss and Moir before him or her, to modify the system of Coss to include 
the text to binary of Moir. The suggestion/motivation for doing so would have been so 
that the rules may be supported by the virtual machine (page 5, paragraph 58). 

5. Coss in view of Moir does not explicitly disclose there being a database of filters, 
where a specific filter is selected. However Venkatachary discloses a database of filters 
or rules (column 8, lines 16-17) and selecting a filter (column 8, lines 56-57). Coss in 
view of Moir and Venkatachary are analogous art because they are from the same field 
of endeavor, filtering. At the time of the invention, it would have been obvious to one of 
ordinary skill in the art, having the teachings of Coss in view of Moir and Venkatachary 
before him or her, to modify the method of Coss in view of Moir to include the database 
of filters of Venkatachary. The motivation fordoing so would have been to provide traffic 
sensitive routing (column 2, lines 21-22). 

6. Coss in view of Moir in view of Venkatachary does not explicitly disclose passing 
the definitions as a state machine. However, Katz discloses that state machines are 
critical for realizing the control and decision making logic in digital systems (page 383, 
2 nd paragraph). Katz and Coss in view of Moir in view of Venkatachary are analogous 
art because they are from the same field of endeavor, digital systems. At the time of the 
invention, it would have been obvious to one of ordinary skill in the art, having the 
teachings of Coss in view of Moir in view of Venkatachary and Katz before him or her, to 
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modify Coss in view of Moir in view of Venkatachary to include the state machine of 
Katz. The motivation for doing so would have been that state machines are critical for 
realizing the control and decision making logic in digital systems (page 383, 2 nd 
paragraph). 

7. Referring to claims 2, 3, 10, 1 1 , 19 and 20, Venkatachary teaches analyzing the 
application layer context (column 5, lines 60-62). 

8. Referring to claims 4, 12, and 21 , Coss teaches wherein the filter comprises a 
dynamic filter (column 8, lines 27-30). 

9. Referring to claims 5, 1 3, 22, Coss teaches wherein the filter comprises a static 
filter (Figure 3). Static rules are defined in applicant's specification as a rule that applies 
to aggregate flows. In Figure 3, all flows from A to B of type FTP are Passed. 

1 0. Referring to claim 7, Katz teaches that the state is maintained based on the state 
table (page 385). Coss teaches maintaining a state table of saved results (column 5, 
lines 38-55). Therefor Coss in view of Katz teaches maintaining an expected state 
utilizing the saved results. 

1 1 . Referring to claims 8, 16, and 25, Coss teaches activating a rule (column 8, lines 
13-15). 

12. Referring to claims 15, and 24, Coss teaches deactivating a rule (column 8, lines 
36-38). 

1 3. Referring to claim 1 7, Coss teaches maintaining a state table for the network flow 
(column 5, lines 38-55). 
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Conclusion 

14. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to CORDELIA KANE whose telephone number is 
(571 )272-7771 . The examiner can normally be reached on Monday - Thursday 8:00 - 
5:00 EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

10. K.I 

Examiner, Art Unit 2432 



/Benjamin E Lanier/ 

Primary Examiner, Art Unit 2432 



